Can't decrypt files

Discussion in 'Active Directory' started by ckwong19802003, Nov 27, 2006.

  1. Hi,

    I have this problem:

    Recovery policy configured for this system contains invalid recovery
    certificate. I suspect the certificate is expired on the domain controller
    and it is causing this problem. Kindly advise on how to fix this problem.
     
    ckwong19802003, Nov 27, 2006
    #1

  2. In
    Did you check the domain's CA for the actual expiration date? Was there a
    recovery user configured? By default the domain admin is the recovery
    account.

    --
    Ace
    Innovative IT Concepts, Inc (IITCI)
    Willow Grove, PA

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Directory Services
    Microsoft Certified Trainer

    Having difficulty reading or finding responses to your post?
    Instead of the website you're using, I suggest to use OEx (Outlook Express
    or any other newsreader), and configure a news account, pointing to
    news.microsoft.com. This is a direct link to the Microsoft Public
    Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
    to easily find, track threads, cross-post, sort by date, poster's name,
    watched threads or subject.
    It's easy:

    How to Configure OEx for Internet News
    http://support.microsoft.com/?id=171164

    Infinite Diversities in Infinite Combinations
    Assimilation Imminent. Resistance is Futile
    "Very funny Scotty. Now, beam down my clothes."

    The only constant in life is change...
     
    Ace Fekay [MVP], Nov 27, 2006
    #2

  3. Hello,

    There was a domain admin configured as the recovery agent, but I am not sure
    how to fix it. If I do the last alternative, uninstalling the CA, will this
    be preferred? Kindly advise.
     
    ckwong19802003, Nov 28, 2006
    #3
  4. In
    Glad you found your answer. If the CA is unavailable because it was removed
    (uninstalled), then the key's expiration wouldn't help much since it can't
    check the validity of the cert.

    I'll tell you what, you may be better off posting into the
    microsoft.public.security.crypto newsgroup for more help on CAs and certs.

    Ace
     
    Ace Fekay [MVP], Dec 2, 2006
    #4
  5. Hello,

    After I checked on the root cause, it seems that when the user tries to
    encrypt the files there will be a user key to encrypt with and also a
    recovery agent key to encrypt with as well, and when it does this it will
    check the validity of the recovery agent key. It seems the key is expired,
    so the user won't be able to encrypt or even decrypt the files. But what I
    did is I didn't uninstall the CA; in fact I just removed the key from the
    domain policy.
     
    ckwong19802003, Dec 3, 2006
    #5
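A diagnostic for the situation described in post #5, added here as an example and not part of the original thread: it lists the EFS recovery agent certificates that policy has delivered to a machine and flags any that are expired or lack the File Recovery usage. It assumes the policy certificates are cached under the registry key shown in `$efsKey` and that each `Blob` value uses the usual registry certificate layout; `Get-CertFromRegistryBlob` is a helper name made up for this example.

```powershell
# Added example (not from the thread): inspect EFS recovery agent certificates from policy.
# Assumption: Group Policy caches them under this key on the affected machine.
$efsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\EFS\Certificates'
$fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # "File Recovery" enhanced key usage

function Get-CertFromRegistryBlob {
    param([byte[]]$Blob)
    # Assumed layout: repeated records of propId (4 bytes), reserved (4), length (4), data.
    # Property 32 (CERT_CERT_PROP_ID) carries the DER-encoded certificate.
    $pos = 0
    while ($pos + 12 -le $Blob.Length) {
        $propId = [BitConverter]::ToInt32($Blob, $pos)
        $len    = [BitConverter]::ToInt32($Blob, $pos + 8)
        $pos   += 12
        if ($len -lt 0 -or $pos + $len -gt $Blob.Length) { break }   # malformed or truncated
        if ($propId -eq 32) {
            $der = New-Object byte[] $len
            [Array]::Copy($Blob, $pos, $der, 0, $len)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$der)
        }
        $pos += $len
    }
    return $null
}

if (-not (Test-Path $efsKey)) {
    Write-Output 'No EFS recovery policy certificates are cached on this machine.'
    return
}

$now = Get-Date
Get-ChildItem $efsKey | ForEach-Object {
    $blob = (Get-ItemProperty -Path $_.PSPath -Name Blob -ErrorAction SilentlyContinue).Blob
    if (-not $blob) { return }                    # subkey without a certificate blob
    $cert = Get-CertFromRegistryBlob -Blob $blob
    if (-not $cert) { return }                    # blob did not contain a certificate
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    [pscustomobject]@{
        Thumbprint   = $cert.Thumbprint
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        Expired      = $cert.NotAfter -lt $now    # an expired agent certificate invalidates the policy
        FileRecovery = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $fileRecoveryOid })
    }
}
```

Run it from an elevated PowerShell prompt on the machine that reports the error; a row with `Expired` set to `True` identifies the recovery agent certificate that needs to be renewed or replaced in the domain policy.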
  6. In
    I see. Thanks for the update. As long as you are able to decrypt your files,
    that is good.

    Ace
     
    Ace Fekay [MVP], Dec 4, 2006
    #6